IT/Software/Server Config/SSL Certificates/certbot: Difference between revisions

From msgwiki
Jump to navigation Jump to search
Access restrictions were established for this page. If you see this message, you have no access to this page.
No edit summary
No edit summary
Line 19: Line 19:
<br>
<br>
<code>sudo apt-get update</code>
<code>sudo apt-get update</code>
<br>
<code>sudo apt-get install certbot python-certbot-apache</code>
<code>sudo apt-get install certbot python-certbot-apache</code>



Revision as of 05:17, 5 March 2020

  • This is a wonderful tool to install and manage SSL certificates on servers.

Background

  1. certbot is a tool that manages Lets Encrypt certificates.
  2. Get it from from here.
  3. Their documentation is really well done.
  4. Know what version you are on

apt-cache policy certbot | grep -i Installed

Install

  1. You can install from the package maintaners version from 18.04 and on
  2. I recommend the ppa version
    1. Certbot PPA=

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

Use

    • Basic installation of a certificate on apache
      • You can go to the website above for more details on other platforms.

sudo certbot

Checking Certificates

sudo certbot certificates

  • You will get a nice list of certs with their expiry dates.

Renewing Certificates

    • This must be done every 90 days and can be done as much as 30 days early

sudo certbot renew

Force Renewal

    • This can eat into your allotment so only do as needed
      • This needed to happen once due to a Lets Encrypt bug

sudo certbot --force-renewal

  • You still need to pick the domains and then choose to redirect https is you want.
    • Normally we do want the forced redirect to https.